SQL Injection Vulnerability in Eniture Technology Small Package Quotes Plugin
CVE-2025-24665

9.3CRITICAL

Key Information:

Vendor: WordPress
Status: Small Package Quotes – Unishippers Edition
Vendor: CVE Published:; 27 January 2025

Summary

The Eniture Technology Small Package Quotes – Unishippers Edition plugin is affected by a significant SQL Injection vulnerability. This issue allows malicious entities to manipulate SQL queries, which could compromise the integrity and confidentiality of the database. Affected versions include all prior to 2.4.8. Users are strongly advised to update to the latest version and implement security best practices to mitigate this risk.

Affected Version(s)

Small Package Quotes – Unishippers Edition <= 2.4.8

References

https://patchstack.com/database/wordpress/plugin/small-pa...

vdb-entry

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 27, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

Colin Xu (Patchstack Alliance)